Friday, March 5, 2021
  • Zero-Trust in a Trusting World
  • It’s an Amazing Time to Be in Digital Identity
  • The Case for Collective Defense of the Public Sector
  • Ask the Expert: Why is it critical that organization mature their cyber risk program now?
  • What is Encryption Key Management and KMS Implementation?

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Careers Security Awareness Security Bloggers Network 

Home » Cybersecurity » Careers » Don’t Let DNS Flag Day Become Your DNS Doomsday

Don’t Let DNS Flag Day Become Your DNS Doomsday

by Tripwire Guest Authors on December 18, 2018

News Flash: Your DNS might be broken, and you don’t even know it. But wait? How could I not know my DNS is broken? Well, the answer lies in the history of the DNS standards and what has become the cobbling together of features within authoritative and recursive DNS server software. It all started going south about 19 years ago with the introduction of Extension Mechanisms for DNS (EDNS(0)). The standards for EDNS(0) were solidified in 2013 in RFC 6891 but have been evolving ever since.

So what’s the big deal? What does EDNS(0) do for me? EDNS(0) allows DNS features like DNSSEC, Client Subnet and other “extensions” to be built into the DNS protocol. It also allows DNS to respond with records larger than 512 bytes. The problem facing the Internet has to do with the way in which some DNS servers respond to requests when asked if they support specific EDNS(0) features. The standard calls for those servers that DO NOT support the requested feature to simply ignore the request flag and return a normal DNS response. A broken DNS server will either not respond to the request at all or in the worst cases simply crash.

The result is obviously no DNS response to any requests from recursive servers. Most recursive servers see the first failed request containing EDNS(0) data time out and retry WITHOUT including the EDNS(0) information. This is a workaround and results in terribly slow DNS resolution – responses can take upwards 5-10 seconds depending upon timeout settings on the recursive resolver. The work around is not pretty and terrible for Internet performance. Recursive resolvers that employ these workarounds are also subject to exploitation, so there’s all the more incentive for recursive providers to tighten the code.

Enter the mighty power of a conglomerate (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/security-awareness/dns-flag-day-dns-doomsday/

December 18, 2018December 19, 2018 Tripwire Guest Authors dns, DNS Flag, domain, Featured Articles, Security Awareness
  • ← Let’s Talk about Murphy’s Law for SSL/TLS x.509 Certificate Outages
  • From GDPR to Meltdown: A Look Back at Memorable Infosec Events in 2018 (Part 1) →

TechStrong TV – Live

Watch latest episodes and shows

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Social Media Risks Increasing in 2021
Betting Big on Identity and Authentication
Twitter Removes Russian Disinformation Accounts
Edge Computing Growth Drives New Cybersecurity Concerns
Survey Finds Low Confidence in Medical Device Security
Cyber Security Roundup for March 2021
What is a Man-in-the-Middle Attack? Detection and Prevention Tips
DoD: Get Started With a CMMC Self-Assessment Now | Apptega
CISO Stories Podcast: Without Building a CISO EQ, You May Be On Your Own
We are living in 1984 (ETERNALBLUE)

Upcoming Webinars

Tue 09

Zero Trust Journey – A Security Leader’s Story

March 9 @ 11:00 am - 12:00 pm
Mon 15

Don’t Get Attached to Your Attachment!

March 15 @ 9:00 am - 10:00 am
Mon 15

Managing Security in a Decentralized World

March 15 @ 1:00 pm - 2:00 pm
Wed 17

API Security: Everything You Need to Know To Protect Your APIs

March 17 @ 1:00 pm - 2:00 pm
Mon 22

The Main Application Security Technologies to Adopt in 2021

March 22 @ 1:00 pm - 2:00 pm
Wed 31

The Anatomy of an Account Takeover Attack

March 31 @ 3:00 pm - 4:00 pm

More Webinars

Download Free eBook

The State of Cloud Native Security 2020

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

A Close Call Prompts Security Reassessment
Application Security Cybersecurity Data Security Industry Spotlight Malware Security Boulevard (Original) 

A Close Call Prompts Security Reassessment

March 4, 2021 Rui Ribeiro | Yesterday 0
Breach Clarity Data Breach Report: Week of March 1
Cybersecurity Industry Spotlight Security Boulevard (Original) Threats & Breaches Vulnerabilities 

Breach Clarity Data Breach Report: Week of March 1

March 3, 2021 Kyle Marchini | 1 day ago 0
Betting Big on Identity and Authentication
Application Security Cloud Security Cybersecurity Data Security Endpoint Identity & Access Industry Spotlight Network Security Security Boulevard (Original) 

Betting Big on Identity and Authentication

March 1, 2021 Raz Rafaeli | 3 days ago 0

Top Stories

Chinese Exchange Hack: At Best, Microsoft is Incompetent
Analytics & Intelligence Application Security Cloud Security Cybersecurity Data Security Featured Identity & Access Incident Response Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Chinese Exchange Hack: At Best, Microsoft is Incompetent

March 4, 2021 Richi Jennings | Yesterday 0
Unknown Hacker Grabs Gab’s Data, DDoSecrets Doesn’t Leak it
Analytics & Intelligence Application Security Cloud Security Cyberlaw Cybersecurity Data Security Featured Governance, Risk & Compliance Incident Response Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Unknown Hacker Grabs Gab’s Data, DDoSecrets Doesn’t Leak it

March 2, 2021 Richi Jennings | 2 days ago 0
‘Dangerous’ RCE in VMware: Patch, or the Puppy Gets It
Analytics & Intelligence Application Security Cloud Security Cybersecurity Data Security DevOps Featured Identity & Access Incident Response Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

‘Dangerous’ RCE in VMware: Patch, or the Puppy Gets It

February 26, 2021 Richi Jennings | Feb 26 0

Security Humor

via   the  Comic Noggins  of   Nitrozac     and     Snaggy     at     The Joy of Tech®   !

Joy Of Tech® ‘Google Goes All Pro-Privacy!’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2021 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.